Blog

Are You Ready for the Next WannaCry?

October 16, 2019

Author: Les Spruiell

Service Operations and Security at Zentera Systems, Inc

Metasploit announced last month the availability of a BlueKeep exploit module that targets 64-bit versions of Windows 7 and Windows 2008 R2 through Windows Remote Desktop Services (RDP). While this is a net benefit for security practitioners, enabling them to identify susceptible hosts, it also is a reminder that it is only a matter of time until the next WannaCry-like ransomware attack comes.

 

Microsoft has been reminding users of the risks and encouraging them to apply patches. But that’s easier said than done. Patches generally disrupt existing operations and require application owner involvement. They may even require production requalification. Worse, customers may have legacy applications or operating systems that are no longer actively supported. Furthermore, once you’ve patched for one exploit, there’s invariable another one just behind it.

 

These challenges make it hard for enterprises to keep up to date, and are a major reason why well-known security vendors have been recommending customers to block the RDP port at the network level.  However, RDP was originally enabled to support business requirements.  How can IT block abuse of the RDP ports, while still allowing access to those same ports to support the business?

 

Zentera Systems’ CoIP® Platform elegantly solves this dilemma by blocking access to the physical RDP ports, while enabling access over a network overlay that applies additional control and security, with features like Application Interlock™, which restrict access to known and whitelisted RDP client binaries.

 

Zentera Systems recently engaged with a well-known security firm to validate the effectiveness of the CoIP Platform against vulnerabilities like BlueKeep and EternalBlue. The external assessment found that the CoIP Platform security protections were effective at blocking BlueKeep and EternalBlue-based exploits, even for unpatched systems, while still allowing normal application communication to continue through the network overlay. The conclusion of these tests was that customers using the CoIP Platform are not vulnerable to these exploits, even if they have not patched their systems.

 

Zentera’s CoIP Platform supports legacy operating systems – including Windows XP. This is a significant benefit to manufacturing and IT/OT environments where older machines cannot be patched or upgraded due to issues such as an end-of-life application or operating system, or an operations that cannot tolerate downtime caused by constant patching and upgrades.

 

Companies can prepare for the next WannaCry by shifting the focus from network topology-based security to application-based zero trust security. It’s a question of when – not if – the companies need to be prepared.

Zentera Systems, Inc.

Zentera is the leader in secure and agile infrastructure solutions for the digitally-transformed enterprise. The company’s CoIP® Platform provides award-winning zero-trust networking, security, and multi-cloud connectivity that overlays on top of any infrastructure in any fragmented environment, allowing customers to be up and running in less than a day. The CoIP Platform has been deployed by global enterprises to secure employee and third-party network access for compliance, protect sensitive data against leaks, and instantly connect hybrid applications and containers running in the cloud and on-premises. The Silicon Valley-based company has received numerous recognitions, including Cool Vendor for Cloud Security by Gartner.

Copyright © 2019 Zentera Systems, Inc.
All Rights Reserved.

 

All other trademarks and copyrights are the property of their respective owners.